Entrust nShield 5c Quick Start Manual page 2

Configure the network connectivity for the nShield 5c
There are two methods to configure the nShield 5c network connectivity:
- Using the front panel of the nShield 5c.
- Using a serial console command line via the serial port aggregator.

NOTE - This guide includes commands/options to configure IPv4 networking. IPv6 networking is also supported.

To configure network connectivity using the front panel:
1. Using the front panel screen and controls (or keyboard), set the IP address for your primary subnetwork:
   System (1) > System configuration (1-1) > Network configuration (1-1-1) > Set up interface #1 (1-1-1-1) > Configure #1 IPv4 (1-1-1-1-1) > Static IPv4 address (1-1-1-1-1-2).
   Enter the IP address and subnet mask, confirm the details, and finish.
2. Set the default gateway IP address for your primary subnetwork:
   System (1) > System configuration (1-1) > Network configuration (1-1-1) > Set default gateway (1-1-1-4) > IPv4 Gateway (1-1-1-4-1).
   Enter the IP address, confirm the details, and finish.
3. If you want to set a network bond, routing tables, or IPv6 compliance, see the nShield 5c Installation Guide.

To configure network connectivity using the serial console command line:
1. Log in to your aggregator interface. Refer to the aggregator documentation for details.
2. In the aggregator interface, access the configuration for the aggregator port to which your nShield 5c is connected, and ensure that SSH connections are permitted to the port.
3. Start your chosen SSH software and start an SSH session to the port on the aggregator.
4. Enter credentials for the aggregator, and then enter credentials for the nShield 5c (see the nShield 5c User Guide).
5. Change your password if prompted. The serial console command line appears.
6. Optionally, type ? and press Enter to list all serial console commands.
7. Set the IP address for the nShield 5c on your primary network (interface 0) using the following serial console command:
   netcfg iface=0 addr=<5c_ip_addr> netmask=<netmask>
8. Set the default gateway using the following serial console command:
   gateway <gateway_ip_addr>

Create and configure the Remote File System for the nShield 5c
Each nShield 5c must have a single Remote File System (RFS) configured. This stores master copies of all
the files that the nShield 5c needs. The RFS can be on any machine in the same network as the nShield 5c.
You will be able to access the nShield 5c via any client that is configured on the nShield 5c. See the
nShield 5c Installation Guide for more information about the RFS.
To create the RFS for the nShield 5c, you must use Security World software commands:
1. Log in to the machine/VM which you want to act as the RFS and access a command prompt.
2. Determine the Electronic Serial Number (ESN) and hash of the nShield 5c using the following Security World command:
   anonkneti <5c_ip_addr>
   The ESN and hash are displayed.
3. Set up the RFS using the following Security World command:
   rfs-setup <5c_ip_addr> <5c_esn> <5c_hash>
   For this command, <5c_esn> and <5c_hash> are outputs from the anonkneti command.
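
The ESN and hash that anonkneti displays come over the network from whatever answers at that IP address, so it is worth comparing them with reference values before passing them to rfs-setup. The following is an added example, not part of the Entrust manual: the function names are hypothetical, and it assumes that anonkneti prints one line of the form "<ESN> <hash>" and that the reference ESN and hash were recorded from a trusted source for the unit.

```shell
#!/bin/sh
# Added example: compare what anonkneti reports with reference values before rfs-setup.
# Assumed output format: one line "<ESN> <hash>", where the ESN is three hyphen-separated
# groups of four hex digits and the hash is 40 hex digits.

# parse_kneti LINE: print "ESN hash" in normalised case, or return 1 if malformed.
parse_kneti() {
    read -r esn hash extra <<EOF
$(printf '%s' "$1" | tr -d '\r')
EOF
    [ -n "$hash" ] && [ -z "$extra" ] || return 1
    printf '%s\n' "$esn" | grep -Eq '^[0-9A-Fa-f]{4}(-[0-9A-Fa-f]{4}){2}$' || return 1
    printf '%s\n' "$hash" | grep -Eq '^[0-9A-Fa-f]{40}$' || return 1
    printf '%s %s\n' "$(printf '%s' "$esn" | tr 'a-f' 'A-F')" \
                     "$(printf '%s' "$hash" | tr 'A-F' 'a-f')"
}

# check_kneti LINE REF_ESN REF_HASH: 0 on match, 1 on mismatch, 2 on malformed input.
check_kneti() {
    got=$(parse_kneti "$1") || { echo "malformed anonkneti output" >&2; return 2; }
    ref=$(parse_kneti "$2 $3") || { echo "malformed reference values" >&2; return 2; }
    [ "$got" = "$ref" ] || { echo "ESN/hash mismatch, got: $got" >&2; return 1; }
}

# rfs_setup_cmd IP LINE REF_ESN REF_HASH: print the rfs-setup command only after a match.
rfs_setup_cmd() {
    check_kneti "$2" "$3" "$4" || return $?
    printf 'rfs-setup %s %s\n' "$1" "$got"
}

# Constructed sample values (documentation IP range, not from a real unit).
SAMPLE='A1B2-C3D4-E5F6 0123456789abcdef0123456789abcdef01234567'
rfs_setup_cmd 192.0.2.10 "$SAMPLE" a1b2-c3d4-e5f6 0123456789ABCDEF0123456789ABCDEF01234567
```

In use, the LINE argument would be the captured output of anonkneti <5c_ip_addr>, and the printed rfs-setup command is run only when the function succeeds.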
MAN10003-00-01
10 May 2022
Copyright © 2022 Entrust Corporation
There are two methods to configure the RFS for the nShield 5c:
- Using the front panel.
- Using the serial console command line.

To configure the RFS for the nShield 5c using the front panel:
1. Using the front panel screen and controls (or keyboard), set the IP address for the machine/VM containing the RFS:
   System (1) > System configuration (1-1) > Remote file system (1-1-3)
   - Enter the IP address and port number. NOTE - This port must be open on the machine/VM's firewall.
   - Choose if you want to enable config push on the RFS. See the nShield 5c Installation Guide for details.
   - Choose if you want to enable secure authentication on the RFS and configure if required. See the nShield 5c Installation Guide for details.
   - Confirm the details and finish.
2. Enable the client auto push feature from the nShield 5c to a configured nToken client:
   System (1) > System configuration (1-1) > Config file options (1-1-6) > Setup auto push (1-1-6-2) > auto push mode (1-1-6-2-1)
   Enable auto push mode, and then configure auto push mode.
   System (1) > System configuration (1-1) > Config file options (1-1-6) > Setup auto push (1-1-6-2) > Push address (1-1-6-2-2)
   Enter the IP address of the client, confirm the details, and finish.
3. Configure log file storage options:
   System (1) > System configuration (1-1) > Log config (1-1-7)
   Select Append to store logs on both the nShield 5c and the RFS or select Log to store on the nShield 5c only.
   Select the frequency of log saves (in minutes), confirm the details, and finish.
4. Optionally, set the date and time on the nShield 5c:
   System (1) > System configuration (1-1) > Date/time setting (1-1-8)
   Set the date and time, confirm the details, and finish.

To configure the RFS for the nShield 5c using the serial console command line:
1. From any machine in the network, start an SSH session to the serial port aggregator, and access the serial console command line.
2. Set the IP address for the machine/VM containing the RFS using the following serial console command:
   rfsaddr <rfs_ip_addr>:<port>
3. Enable client auto push between the client and the nShield 5c:
   push ON <client_ip_addr>
4. Configure log storage by referring to the nShield 5c User Guide. This cannot be done using the serial console.
5. Optionally, set the date and time on the nShield 5c:
   date [MMDDhhmm[YYYY][.ss]]
   Set the date and time, confirm the details, and finish.

Enrol a client on the nShield 5c
You must now teach the nShield 5c about a client, and then enrol that client on the nShield 5c.
NOTE - You can also enrol a machine that does not contain an nToken as a client if it is on the same
network as the nShield 5c. However, the client will use software authentication. For full details, see the
nShield 5c Installation Guide.